PT-2008-1584 · Joovili · Joovili
Echoll · Published 2008-01-04 · Updated 2017-09-29 · CVE-2007-6621
CVSS v2.0: 6.4 Medium
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions
Joovili versions 3.0.0 through 3.0.6
Description
A directory traversal issue in joovili.images.php allows remote attackers to read arbitrary files by using a .. (dot dot) in the picture parameter.
Recommendations
For versions 3.0.0 through 3.0.6, consider restricting access to the joovili.images.php file until a patch is available. As a temporary workaround, avoid using the picture parameter in the affected API endpoint until the issue is resolved.
Exploit
Fix
Path traversal
Weakness Enumeration
Related Identifiers
Affected Products
Joovili